The Internet’s Heart Attack: Heartbleed Prognosis?

UPDATE 15:10 BST

The prognosis might be better than we thought. Cloudflare has just released some research suggesting that the SSL keys which allow access to data might not have been leaked via Heartbleed. They can’t be 100% sure, but if it does leak keys, it would be “very hard” to obtain them. It’s not the all clear, but we might just escape an internet apocalypse.


 

The internet has suffered one of its biggest security risks yet. Exposed at the beginning of the week, Heartbleed has been labelled as a “catastrophic” exploit for internet security. But what’s going on, and who’s affected?

What is Heartbleed?

Discovered earlier this week, Heartbleed is a vulnerability in the OpenSSL software library. OpenSSL is designed to encrypt communications between your computer and the websites you enter data into. Sort of like a signal before a secret conversation.

The bug is named Heartbleed because OpenSSL was tagged as ‘Heartbeat’ by its engineers.

This software tops the charts as one of the most used encryption tools, meaning any vulnerability has a large damage range. Websites that generally transmit ‘secure’ data are using SSL. Over half a million websites are thought to be affected, and chief technology officer of Co3 Systems Bruce Schneier said: 

 “On the scale of one to 10, this is an 11.”

The bug is so serious that a website dedicated to it has been set up: Heartbleed.com.

Welcoming page of Heartbleed.com

What next?

OK, the reason I have written this article now, instead of when it originally broke, was to ensure you got the correct information. It’s been a fluctuating story, and advice from firms has been retracted as quickly as it was given. In fact, in the past 4 hours, Dr Robin Seggelmann (a German programmer) has come forward, admitting he wrote the code. Luckily, he denies it was deliberate, saying it was merely a “trivial” mistake. That said, it went through several testing phases and was never picked up – neither were any changes made before a final release.

So, the low down as it stands…

Google and Yahoo have caused confusion over whether or not to change your passwords. Google says no, unless it’s been shared with a vulnerable site, while Yahoo recommended that Tumblr users change every password they have.

To be safe, change them all. Hopefully, most sites will have been patched by now – but if not, changing will be fruitless, because you will still be open to the bug. So first find out if you’ve been patched: paste the link of your sites into this handy tool.

Heartbleed Tool – test your server 

If so, you know what to do. Make your password complex with caps, numbers and symbols. Also clear all browser cache and cookies – we don’t want old passwords running into trouble.

We’ve compiled a list of sites known to have been breached; let us know if there are any more. Exercise caution. Some sites might have been patched, but be wary.

 

| Site | Qualys | Confirmation from site |
|---|---|---|
| Google | Pass | Vulnerability patched. Password change recommended |
| Facebook | Pass | Vulnerability patched. Password change recommended |
| YouTube | Pass | Vulnerability patched. Password change recommended |
| Yahoo! | Pass | Vulnerability patched. Password change recommended |
| Amazon | Pass | Was not vulnerable |
| Wikipedia | Pass | Vulnerability patched. Password change recommended |
| LinkedIn | Pass | Was not vulnerable |
| eBay | Pass | Was not vulnerable |
| Twitter | Pass | Was not vulnerable |
| Craigslist | Pass | Awaiting response |
| Bing | Pass | Vulnerability patched. Password change recommended |
| Pinterest | Pass | Vulnerability patched. Password change recommended |
| Blogspot | Pass | Vulnerability patched. Password change recommended |
| CNN | Be on alert | Awaiting response |
| Live | Pass | Was not vulnerable |
| PayPal | Pass | Was not vulnerable |
| Instagram | Pass | Vulnerability patched. Password change recommended |
| Tumblr | Pass | Vulnerability patched. Password change recommended |
| Espn.go.com | Pass | Vulnerability patched. Password change recommended |
| WordPress | Pass | Awaiting response |
| Imgur | Pass | Awaiting response |
| Huffington Post | Not available | Awaiting response |
| Reddit | Pass | Vulnerability patched. Password change recommended |
| MSN | Pass | Was not vulnerable |
| Netflix | Pass | Vulnerability patched. Password change recommended |
| Weather.com | Not available | Vulnerability patched. Password change recommended |
| IMDb | Not available | Was not vulnerable |
| Yelp | Pass | Vulnerability patched. Password change recommended |
| Apple | Pass | Was not vulnerable |
| AOL | Pass | Awaiting response |
| Microsoft | Pass | Was not vulnerable |
| NYTimes | Pass | Awaiting response |
| Bank of America | Pass | Was not vulnerable |
| Ask | Not available | Was not vulnerable |
| Fox News | Pass | Was not vulnerable |
| Chase | Pass | Was not vulnerable |
| GoDaddy | Pass | Vulnerability patched. Password change recommended |
| About | Not available | Was not vulnerable |
| BuzzFeed | Pass | Awaiting response |
| Zillow | Pass | Was not vulnerable |
| Wells Fargo | Pass | Was not vulnerable |
| Etsy | Pass | Vulnerability patched. Password change recommended |
| XVideos | Be on alert | Awaiting response |
| Walmart | Pass | Was not vulnerable |
| CNET | Pass | Was not vulnerable |
| Pandora | Pass | Was not vulnerable |
| xHamster | Pass | Awaiting response |
| PornHub | Pass | Awaiting response |
| Comcast | Pass | Awaiting response |
| Stack Overflow | Pass | Vulnerability patched. Password change recommended |
| Salesforce | Pass | Was not vulnerable |
| Daily Mail | Be on alert | Awaiting response |
| Vimeo | Pass | Vulnerability patched. Password change recommended |
| Conduit | Pass | Awaiting response |
| Flickr | Pass | Vulnerability patched. Password change recommended |
| Zedo | Not available | Was not vulnerable |
| Forbes | Not available | Was not vulnerable |
| LiveJasmin | Be on alert | Awaiting response |
| USPS | Pass | Vulnerability patched. Password change recommended |
| Indeed | Pass | Awaiting response |
| Hulu | Pass | Was not vulnerable |
| Answers | Pass | Was not vulnerable |
| HootSuite | Pass | Was not vulnerable |
| Amazon Web Services | Pass | Awaiting response |
| Adobe | Pass | Awaiting response |
| Blogger | Pass | Vulnerability patched. Password change recommended |
| Dropbox | Pass | Vulnerability patched. Password change recommended |
| Reference.com | Not available | Was not vulnerable |
| AWeber | Pass | Was not vulnerable |
| UPS | Pass | Was not vulnerable |
| Intuit | Pass | Awaiting response |
| NBC News | Pass | Awaiting response |
| USA Today | Pass | Was not vulnerable |
| Outbrain | Pass | Vulnerability patched. Password change recommended |
| The Pirate Bay | Pass | Awaiting response |
| The Wall Street Journal | Pass | Awaiting response |
| Bleacher Report | Pass | Awaiting response |
| Constant Contact | Pass | Was not vulnerable |
| Wikia | Pass | Vulnerability patched. Password change recommended |
| CBSSports | Pass | Was not vulnerable |
| Publishers Clearing House | Pass | Awaiting response |
| Washington Post | Not available | Vulnerability patched. Password change recommended |
| Target | Pass | Was not vulnerable |
| Drudge Report | Be on alert | Awaiting response |
| TripAdvisor | Pass | Was not vulnerable |
| FedEx | Pass | Was not vulnerable |
| Capital One | Pass | Was not vulnerable |
| wikiHow | Not available | Was not vulnerable |
| Googleusercontent.com | Pass | Vulnerability patched. Password change recommended |
| Groupon | Pass | Was not vulnerable |
| Best Buy | Pass | Awaiting response |
| AT&T | Pass | Awaiting response |
| Home Depot | Pass | Awaiting response |
| Trulia | Not available | Was not vulnerable |
| TMZ | Pass | Awaiting response |
| Feedbin | Pass | Vulnerability patched. Password change recommended |
| Pinboard | Pass | Vulnerability patched. Password change recommended |
| GetPocket | Pass | Vulnerability patched. Password change recommended |
| IFTTT | Pass | Vulnerability patched. Password change recommended |
| ManageWP | Pass | Was not vulnerable |
| PayScale | Pass | Was not vulnerable |
| OKCupid | Pass | Vulnerability patched. Password change recommended |
| Dillard’s | Pass | Was not vulnerable |
| NetZero | Not available | Was not vulnerable |
| Classmates | Not available | Was not vulnerable |
| MyPoints | Pass | Was not vulnerable |

 Courtesy of CNET 

 
